Bugs in IPC can have nasty consequences, so we take special care to make sure additions or changes to IPC avoid common security pitfalls. If you want to get involved, check out how to become an IPC reviewer here.

Join the teamAccess to Chromium security bugs and our team mailing list is restricted, for obvious reasons. Before applying to join the team, applicants must be committers and are expected to have made and continue to make active and significant contributions to Chromium security. You should demonstrate some of the following before applying:

Relevant technical expertise and a history of patches that improve Chromium security.

A history of identifying and responsibly reporting Chromium security vulnerabilities.

Other expertise and/or roles that would allow the applicant to significantly contribute to Chromium security on a regular basis.

[required]: Be a committer, and have no personal or professional association that is an ethical conflict of interest (e.g. keeping vulnerabilities or exploits private, or sharing with parties other than the vendor).

Advance notice of (fixed) Chromium security vulnerabilities is restricted to those actively building significant products based upon Chromium, or including Chromium as part of bundled software distributions. If you meet the criteria, and require advanced notice of vulnerabilities, request access via security@chromium.org. Your email should explain your need for access (embedder, Linux distribution, etc.) and your continued access will require that you follow the terms of list membership.

There is one simple rule for any party with advance access to security vulnerabilities in Chromium: any details of a vulnerability should be considered confidential and only shared on a need to know basis until such time that the vulnerability is responsibly disclosed by the Chromium project. Additionally, any vulnerabilities in third-party dependencies (e.g. Blink, open source parser libraries, etc.) must be treated with the same consideration. Access will be terminated for any member who fails to comply with this rule in letter or spirit.